| | #1 |
| Elite Members Join Date: Nov 2006 Location: S.W. Kansas
Posts: 2,841
| Microsoft changes tune, may patch IE7 bug

Wednesday, October 10, 2007

Although Microsoft Corp. fixed four flaws in Internet Explorer (IE) yesterday, it did not address a protocol-handling problem that could trick users into downloading malware, a move that surprised at least one security researcher. The company, however, said it has reopened its investigation and may provide a patch in the future.

"I was prepared to talk about a patch yesterday," said Andrew Storms, director of security operations at nCircle Network Security Inc. "I expected to see Microsoft retract its prior stance and fix this."

Storms was referring to the position that Microsoft first staked out in July -- that Windows and IE are not to blame for the protocol-handling vulnerabilities cited by multiple researchers.

This week, the blame game returned when Juergen Schmidt, a researcher at Heise Security, said IE7 passed invalid Uniform Resource Identifiers (URI) to Windows XP, a bug that attackers could exploit to launch malicious code or scripts if users simply clicked on a link.

View Full Article: Computerworld http://www.computerworld.com/action/...rce=rss_news10
__________________ The only Stupid Question is the one you failed to Ask! Beta Tester since Pre Win 95. |
| | #2 | ||
| Elite Members Join Date: Nov 2006 Location: S.W. Kansas
Posts: 2,841
| Microsoft changes mind, agrees to fix IE's URI handler

Yesterday, October 11, 2007 | jeremy@arstechnica.com (Jeremy Reimer)

Microsoft has stated that they will be releasing a patch to fix some, but not all, potential security flaws resulting from third-party applications being fed maliciously malformed URI requests.

A strange cross-browser vulnerability arose earlier this year that affected Firefox users, but only if Firefox was called from Internet Explorer. This bizarre bug involved URIs in Internet Explorer that could invoke third-party applications such as Firefox and then get them to execute arbitrary code. Microsoft claimed that the responsibility was solely that of the third-party developers, whereas others put the blame on Internet Explorer itself. Mozilla released a patch for Firefox that fixed the bug, and in the inimitable style of Internet arguing, this has convinced some people that Microsoft was right all along and others that Microsoft was wrong the whole time.

Now, to confuse the matter still further, Microsoft employee Jonathan Ness has posted a note on his Internet Explorer blog explaining that Microsoft is preparing to release a patch for Internet Explorer 7 that will mitigate some, but not all, of these URI issues.

The Uniform Resource Identifier (URI) is a superset of the URL that identifies resources and instructs the browser on how to act on that resource. Maliciously-formed URIs can exploit bugs in the applications that they call in order to execute arbitrary code. Simply taking out all URI functionality in order to prevent any bugs of this kind is not really possible: Ness writes that "While we might have been able to make changes in some Windows APIs to block these attacks, doing so could break how the third party applications intended those protocol handlers to function." There are many useful functions that result from one application calling another, and removing this ability completely is not a good solution for most people.

Source: http://arstechnica.com/news.ars/post...i-handler.html
| | #3 |
| Junior Member Join Date: Nov 2008
Posts: 18
| is runescape gold site safe? |